electric-yjs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and applies user-generated Yjs updates from application endpoints (e.g., /api/yjs/doc-shape, /api/yjs/awareness-shape and the PUT endpoints /api/yjs/update, /api/yjs/awareness backed by Postgres) so untrusted third-party content is ingested and can materially alter document state and provider behavior.